| Lads, | | I thought many of you would be interested in the text of this story. I'm | wondering if anyone has any comments on the excryption mechanism (i.e. | "eavesdropping" protection) being used. It my personal feeling that Netscape doesn't have the right talent mix to develop secure software. For example, they may well get the RSA parts right, and then store the passphrase in a text file, 'for ease of use.' The RSA is secure, but the system is not secure if usnauthorized people using your machine is a possibility. Writing secure software is a difficult and tricky buisness that requires a lot of effort; early versions of Mosaic had problems. Netscape really needs to develop a threat model that allows them to assess the severity of potential problems. It is my guess that they have not done so, although, I'd be pleased to hear I'm wrong. Everyone's favorite company, First Virtual, seems to have developed a threat model that allows them to offload allmost all risk and security problems to their customers. It may not be a good solution, but at least they have considered how the security of their system intersects the real world. Just integrating RSA does not do that. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume